This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes#9312).
Discussion
----------
[Security] Fix docblock typo
Commits
-------
bff65b2 [Security] Fix docblock typo
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][Form] Changed FormTypeCsrfExtension to use the form's name as default intention
Equivalent of #9327, merged into 2.3.
Commits
-------
c4abe83 Merge branch 'fix-csrf-default-2.2' into fix-csrf-default-2.3
b07c618 [Form] Changed FormTypeCsrfExtension to use the form's name as default intention
This PR was merged into the 2.2 branch.
Discussion
----------
[2.2][Form] Changed FormTypeCsrfExtension to use the form's name as default intention
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Before, every form used the same "intention"/"csrf_token_id" value by default, namely "unknown". This PR fixes the default value to the form's name, which is at least different for forms with (a) explicit names and (b) different types, where the implicit name equals the type's name.
Commits
-------
b07c618 [Form] Changed FormTypeCsrfExtension to use the form's name as default intention
* 2.2:
[DoctrineBridge] Loosened CollectionToArrayTransformer::transform() to accept arrays
Removed unused use statements.
Make usleep longer and simplify assertions
Added japanese translation resource for security component.
[Yaml] Fixed the escaping of strings starting with a dash when dumping
Fix in ChainLoader.php
fixed wrong started states
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#9247).
Discussion
----------
[HttpKernel] Improve documentation of X-Forwarded-For header handling
After having problems with the handling of `X-Forwarded-For` headers and the configuration of trusted proxies, it was really hard to understand how the algorithm actually works. After looking into it, the PHPDoc of `IpUtils` did not really describe what the methods do. For `Request::getClientIps()` the PHPDoc actually explained how the `X-Forwarded-For` header works with multiple proxies, but it's really hard to understand, when it's not mentioned what the text is actually talking about. As one would expect a description of what the method does, I altered the description to describe the return value.
Feel free not to merge the inline comments in `Request::getClientIps()`, even though they greatly help understanding this method for somebody not deeply familiar with the internals of `HttpKernel` and HTTP proxy handling in general.
| Q | A
| ------------- | ---
| Fixed tickets | none
| License | MIT
Commits
-------
1f786e0 [HttpKernel] Improve documentation of X-Forwarded-For header handling
This PR was merged into the 2.2 branch.
Discussion
----------
[DoctrineBridge] Loosened CollectionToArrayTransformer::transform() to accept arrays
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Previously, writing an association getter like this was impossible:
```php
public function addTag(Tag $tag) { ... }
public function removeTag(Tag $tag) { ... }
public function getTags()
{
return $this->tags->toArray();
}
```
Using `toArray()` is a useful way to restrict modifications of the collection to the specified methods. But previously, CollectionToArrayTransformer failed in this case, because it did not accept arrays as input.
Commits
-------
55001ab [DoctrineBridge] Loosened CollectionToArrayTransformer::transform() to accept arrays
This PR was merged into the 2.2 branch.
Discussion
----------
Dead code v2.2
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
0946be6 Removed unused use statements.
This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes#9283).
Discussion
----------
[Security] Added japanese translation resource for security component.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
4176cf1 Added japanese translation resource for security component.
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] Docblock fix
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
`BinaryFileResponse::create()` has a different signature than `Response::create()` and cannot inherit its doc. I also fixed indentation in other blocks in this file.
Commits
-------
bb8930c Replaced the @inheritdoc with an actual list of params since the original method has a different signature.
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#9288).
Discussion
----------
fix typo : StdClass should be stdClass with little "s"
Commits
-------
febd1d8 fix typo : StdClass should be stdClass with little "s"
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#9278).
Discussion
----------
[HttpFoundation] Remove unnecessary continue from Request
Commits
-------
067f561 [HttpFoundation] Remove unnecessary continue from Request
This PR was merged into the 2.2 branch.
Discussion
----------
[Yaml] Fixed the escaping of strings starting with a dash when dumping
Dashes need to be escaped in character sets in regexes as they are used to specify a range otherwise.
It fixes the dumper bug reported in #9039 (the parsing issue is not fix here)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | partially #9039
| License | MIT
| Doc PR | n/a
Commits
-------
af369ae [Yaml] Fixed the escaping of strings starting with a dash when dumping
This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes#9270).
Discussion
----------
[Templating] Fix in ChainLoader.php
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The LoaderInterface requires the _time_ parameter to be passed.
Commits
-------
2631eb3 [Templating] Fix in ChainLoader.php
This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes#9246).
Discussion
----------
[Session] fixed wrong started state
Currently the session stays in the started mode after the call of ```save()``` which will close the session. We found the issue in our custom SAPI which keeps the symfony stack initialized over multiple requests.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
d641cd6 [Session] fixed wrong started states
* 2.2:
bumped Symfony version to 2.2.10
updated VERSION for 2.2.9
update CONTRIBUTORS for 2.2.9
updated CHANGELOG for 2.2.9
[Security] limited the password length passed to encoders
assets:install command should mirror .dotfiles (.htaccess)
PoFileDumper - PO headers
removed whitespaces
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Security/Core/Encoder/BCryptPasswordEncoder.php
This PR was merged into the 2.3 branch.
Discussion
----------
[Process] Fix latest merge from 2.2 in 2.3
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes (Process tests are okay)
| License | MIT
Fix latest merge from 2.2 in 2.3, see #9182
Process tests are okay, an error in HttpKernel seems to occur
Commits
-------
b5e3576 [Process] Fix latest merge from 2.2 in 2.3
This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes#9237).
Discussion
----------
[FrameworkBundle] assets:install command should mirror .dotfiles (.htaccess)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The `assets:install` command currently ignores all *.dotfiles* when mirroring the `Resources\public` folders of bundles. This can lead to issues when *.htaccess* files are required for some public assets (ie.: CORS headers for font files to be served via Cloudfront).
Since the assets being installed are clearly in a folder called `public`, we can safely assume that those files are in fact supposed to be accessible and copy them over with the normal files.
Commits
-------
9c884a0 [FrameworkBundle] assets:install command should mirror .dotfiles (.htaccess)
This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes#9223).
Discussion
----------
[Translator] PoFileDumper - PO headers
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6765 - partially
| License | MIT
| Doc PR |
Po files should not be dumped without a header. It causes a lot of problems, including charset issues.
See #6765 / 1 for more info
Commits
-------
e93bc50 [Translator] PoFileDumper - PO headers
* 2.2:
[Process] Fix#9182 : random failure on pipes tests
Fixed propel guessed relations
[FramworkBundle][HttpKernel] Check event listener services are not abstract
fixed CS
Check for lock existence before unlinking
[FrameworkBundle] fixed path replacement on Windows
Conflicts:
src/Symfony/Component/Process/Process.php